Markup modifiers: raw HTML

inc/functions.php

@@ -1421,6 +1421,39 @@ function markup(&$body, $track_cites = false) {
 	$body = str_replace("\r", '', $body);
 	$body = utf8tohtml($body);
 	
+	if (preg_match_all('@<tinyboard ([\w\s]+)>(.+)</tinyboard>@um', $body, $modifiers, PREG_SET_ORDER | PREG_OFFSET_CAPTURE)) {
+		$skip_chars = 0;
+		$body_tmp = $body;
+		
+		foreach ($modifiers as $modifier) {
+			// preg_match_all is not multibyte-safe
+			foreach ($modifier as &$match) {
+				$match[1] = mb_strlen(substr($body_tmp, 0, $match[1]));
+			}
+			
+			$modifier['type'] = $modifier[1][0];
+			$modifier['content'] = $modifier[2][0];
+			
+			if ($modifier['type'] == 'ban message') {
+				// Public ban message
+				$replacement = sprintf($config['mod']['ban_message'], $modifier['content']);
+			} elseif ($modifier['type'] == 'raw html') {
+				$body = html_entity_decode($modifier['content']);
+				return array();
+			} elseif (preg_match('/^escape /', $modifier['type'])) {
+				// Escaped (not a real modifier)
+				$replacement = '<tinyboard ' . substr($modifier['type'], strlen('escape ')) . '>' . $modifier['content'] . '</tinyboard>';
+			} else {
+				// Unknown
+				$replacement = '';
+			}
+			
+			$body = mb_substr_replace($body, $replacement, $modifier[0][1] + $skip_chars, mb_strlen($modifier[0][0]));
+			$skip_chars += mb_strlen($replacement) - mb_strlen($modifier[0][0]);
+			
+		}
+	}
+	
 	if (mysql_version() < 50503)
 		$body = mb_encode_numericentity($body, array(0x010000, 0xffffff, 0, 0xffffff), 'UTF-8');
 	
@@ -1456,36 +1489,6 @@ function markup(&$body, $track_cites = false) {
 		}
 	}
 	
-	if (preg_match_all('@&lt;tinyboard ([\w\s]+)&gt;(.+)&lt;/tinyboard&gt;@', $body, $modifiers, PREG_SET_ORDER | PREG_OFFSET_CAPTURE)) {
-		$skip_chars = 0;
-		$body_tmp = $body;
-		
-		foreach ($modifiers as $modifier) {
-			// preg_match_all is not multibyte-safe
-			foreach ($modifier as &$match) {
-				$match[1] = mb_strlen(substr($body_tmp, 0, $match[1]));
-			}
-			
-			$modifier['type'] = $modifier[1][0];
-			$modifier['content'] = $modifier[2][0];
-			
-			if ($modifier['type'] == 'ban message') {
-				// Public ban message
-				$replacement = sprintf($config['mod']['ban_message'], $modifier['content']);
-			} elseif (preg_match('/^escape /', $modifier['type'])) {
-				// Escaped (not a real modifier)
-				$replacement = '&lt;tinyboard ' . substr($modifier['type'], strlen('escape ')) . '&gt;' . $modifier['content'] . '&lt;/tinyboard&gt;';
-			} else {
-				// Unknown
-				$replacement = '';
-			}
-			
-			$body = mb_substr_replace($body, $replacement, $modifier[0][1] + $skip_chars, mb_strlen($modifier[0][0]));
-			$skip_chars += mb_strlen($replacement) - mb_strlen($modifier[0][0]);
-			
-		}
-	}
-	
 	// replace tabs with 8 spaces
 	$body = str_replace("\t", '        ', $body);
 	
@@ -1592,7 +1595,7 @@ function markup(&$body, $track_cites = false) {
 }
 
 function escape_markup_modifiers($string) {
-	return preg_replace('@<tinyboard ([\w\s]+)>(.+)</tinyboard>@', '<tinyboard escape $1>$2</tinyboard>', $string);
+	return preg_replace('@<tinyboard ([\w\s]+)>(.+)</tinyboard>@m', '<tinyboard escape $1>$2</tinyboard>', $string);
 }
 
 function utf8tohtml($utf8) {

post.php

@@ -379,6 +379,10 @@ if (isset($_POST['delete'])) {
 	wordfilters($post['body']);
 	$post['body'] = escape_markup_modifiers($post['body']);
 	
+	if ($mod && isset($post['raw']) && $post['raw']) {
+		$post['body'] = '<tinyboard raw html>' . $post['body'] . '</tinyboard>';
+	}
+	
 	if (mysql_version() >= 50503) {
 		$post['body_nomarkup'] = $post['body']; // Assume we're using the utf8mb4 charset
 	} else {
@@ -396,8 +400,7 @@ if (isset($_POST['delete'])) {
 		}
 	}
 	
-	if (!($mod && isset($post['raw']) && $post['raw']))
-		$post['tracked_cites'] = markup($post['body'], true);
+	$post['tracked_cites'] = markup($post['body'], true);
 	
 	// Check for a flood
 	if (!hasPermission($config['mod']['flood'], $board['uri']) && checkFlood($post)) {